A quick search turned up a simple fix: Reboot the server a second time.

Sure enough, good to go:

As a rule, we deploy a TPM in all of our physical DCs that are deployed with our clusters. They are then encrypted using BitLocker. This greatly reduces the exposure to compromise if someone has physical access to that DC. For virtual DCs, we now have the ability to pass a vTPM through to the guests in Server 2016. We're still in the testing phase, but our plan is to have _all_ domain controllers on networks we manage encrypted!

Friday, 18 August 2017

This quick post is for the time challenged folks trying to figure things out as far as how the new Intel Xeon Processor Scalable Family relates to the previous generation Intel Xeon Processor E5-2600 series.

Please note that all of the images below are from the above article.

The above grid gives us an idea of which processor grade goes where. Our standard go-to has been the Intel Xeon Processor E5-2620 through the E5-2640 which were at one time the mainstream processors.

The next tier for us would be the E5-26*3 and E5-26*7 series that provided high bin counts (GHz) with low core counts.

Now we can see that the mainstream processors are Silver and the performance grade are Gold.

In the charge above 2S, 4S, 8S is the number of sockets the processor supports. DPC is DIMMs Per Channel.

As we can see, there are just a few new features included in the new processor family.

Some Thoughts

There is a definite glaring omission in this new processor family: Fourth Generation PCIe :(

While the newly introduced Purley platform has integrated PCIe NVMe ports on the server boards and backplanes there is still a lack of clarity as far as what we need to make things work on the Intel Server System platform.

The PCIe channel count bump from 32 to 48 is most certainly not enough especially with the spec stuck in Generation 3. A pair of 100Gb Mellanox Ethernet cards and a few PCIe NVMe SSDs and we're pretty much saturating the bus ... again.

And one more thing as we've not had a chance to compare apples to apples yet, the new processors look to be more expensive than the previous generation E5-2600v4 equivalents. And, it seems as the core counts go up so do the prices in an almost exponential way.

Friday, 11 August 2017

Currently, we have a pending order with a Taiwanese vendor for some TWSBI fountain pens.

The above image is from TWSBI's web site. It's a TWSBI Diamond 580 Clear. There's also a Mini version that travels a lot better.

Pilot makes some gorgeous inks. The above ajisai is a pretty neat colour that will be the go-to for regular note taking. We have several different colours on their way at the moment.

When there is a need to write in pencil the Platinum PRO-USE 03 (MSD-1500) is one of the best mechanical pencils ever made in my opinion.

When it comes to art, my primary medium is coloured pencil on various media or graphite pencil also on various media. I'm currently working on a Tiger Moth Orchid using Faber-Castell Polychromos oil based colour pencils.

All of the above is to bring about just how important the digital ink experience needs to be. While not a professional digital ink writer or artist by any means, the digital ink experience is quite important.

To date, my personal best digital pen experience for both writing and art has been with the Microsoft Surface Pro 3 with the Pro 4 (SP4) being even better.

The SP4 provides an excellent platform for one who prefers to write over type.

OneNote has an excellent recognition process that allows for hand written notes to be copied and pasted into Word. For those that take notes at meetings to provide minutes at a later date this feature works great!

It's also great for those that attend conferences to gain information. Writing the notes on the fly can be a lot faster, especially for those of us that developed a written shorthand while in university classes back in the day. ;)

Tie in the taking of pictures to use as a reference later in the day when re-working the handwritten notes into a final set and we have a pretty good method for building some pretty good written work such as articles, blog posts, or even books.

Side Note: Another aspect of writing versus typing is in memory retention. Retention seems to be _a lot_ better when notes are taken live with a pen versus typing those notes in. Retention gets even better if the "crib" notes and pictures are re-worked later that day into a final set of notes.

At some point time will be spent with the Microsoft Surface Studio. It seems to be about the best platform out there for the artistically inclined. We certainly know of quite a few engineering, architectural, and other such firms either switching or looking to switch to the Surface Studio.

The one catch though is that it is difficult to let go of pen and paper when it comes to art. For some, the "analog" versus "digital" art "discussion" can be quite "religious" in nature. ;)

Suffice it to say, if looking for a new ultra-portable system that will run most work related applications and provide an excellent platform for the written word the Surface Pro 4 is the one to choose.
Philip Elder Microsoft High Availability MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint BookOur Cloud Service
Twitter: @MPECSInc

Tuesday, 1 August 2017

When we went to remove the old certificate in EAC we received the following error:

error
A special Rpc error occurs on server SERVERNAME: The internal transport certificate cannot be removed because that would cause the Microsoft Exchange Transport service to stop.
To replace the internal transport certificate, create a new certificate. The new certificate will automatically become the internal transport certificate. you can then remove the existing certificate.

Searching turned up a lot of suggestions to just delete the old certificate in the Personal certificates store. Somehow, that did not strike as being the correct methodology since the error makes it clear that the old certificate is still in use.

The proper methodology is to run the following PowerShell in the Exchange Shell to create and bind a new self-issued certificate. Since the certificate is bound to internal services there are no trust issues as indicated by the error message.

SUBSCRIBE

ABOUT

Our primary IT vertical is accounting firms since 1998. From accounting app support through to highly available solutions for accounting firms we've got it covered. I'm a Microsoft MVP since 2009. First on SBS and then starting in 2014 on Cluster.